protect the data - cyber security - breaches - brand/reputation

Upload: pa-al

Post on 27-Nov-2014

DESCRIPTION

----- Not a product pitch, just info... ---- For Executive management & non-experts. It is about "Protect the data" in regards to the massive Cyber security issues facing us, the Breaches we're all affected by (or could be) and your firm's Brand/Reputation. The slides are not all inclusive but it is enough of a detailed start and guidelines to aid you in protecting your data...

TRANSCRIPT

Page 1: Protect the data - Cyber security - Breaches - Brand/Reputation

Protect The Data

Big Data and Cloud Data

You Must Protect the Data (Caveat: Slide set geared toward Executive managers & non-experts)

http://patrick642.wordpress.com from strategy, intelligence, innovation, leadership to improvements

http://patrick642nu.wordpress.com from cyber security, strategy, innovation, Intel & Intelligence to leadership

Patrick A. -- MScIA MBA CISSP-ISSEP

Intelligence Officer/Analyst – Cyber security/InfoSec SME

May 25, 2014

Page 2: Protect the data - Cyber security - Breaches - Brand/Reputation

Champions

Prior to anything else, you absolutely must have on your side, on board and in agreement for your Data / Network Protection efforts:

CEO

Chairman of the Board

President

If these individuals are unwilling to Champion or Sponsor ‘necessary’ security efforts – you may as well stop here

If they are on board, they should see clear cut reasons & benefits behind protecting the data, because it means keeping:

The company Brand/Reputation intact AND enhancing it

Customers happy, knowing their data is being protected

Investors happy – some of whom are altruistic and desire more than just profits…

Page 3: Protect the data - Cyber security - Breaches - Brand/Reputation

Policies

You must have Policies in place to go along with your other efforts, with executive management signing off on them

Without Policies for your management, staff, partners & vendors, you have no leg to stand on

Computer Use Policy

Internet Use Policy

Telecommuting Policy (Work from home)

Non-Disclosure Agreement (NDA)/Policy

As well as other needed policies

Policy enforcement – you actually need to do this…

Page 4: Protect the data - Cyber security - Breaches - Brand/Reputation

Invaders

Your data is what the ‘invaders’ want

They will do whatever they can to get at it

Hackers

Hacktivists

Terrorists

Nation states

and well, even friends sometimes (allegedly)… NSA

Page 5: Protect the data - Cyber security - Breaches - Brand/Reputation

Big Data and Cloud Data (basics) (1 of 4)

Page 6: Protect the data - Cyber security - Breaches - Brand/Reputation

Big Data and Cloud Data (basics) (2 of 4)

Big Data

Unstructured and/or structured info your firm receives and/or collects – multiple sources

Big Data uses algorithms and analytics to filter through all the forms of data collected to data mine and analyze for required results

The data

PDFs, Images (e.g. JPEGs, TIFs), Word & Excel, Word Perfect, Google Docs, email (professional, commercial (e.g. Hotmail)), HTML, HTML5, XML, Database, Video, etc.

Page 7: Protect the data - Cyber security - Breaches - Brand/Reputation

Big Data and Cloud Data (basics) (3 of 4)

Cloud Data

Info in the “Cloud”

The “Cloud” is nothing more than Big Data or specific data sent to/from networks

Cloud – a network comprised of a number of servers with multiple CPUs and multiple attached storage devices at some location on the planet, for parallel processing or not – think of the early ‘94 Beowulf network (Becker, D.J., Sterling, T., Savarese, D., Dorband, J.E., Ranawake, U.A. and Packer, C.V., www.phy.duke.edu/~rgb/brahma/Resources/beowulf/papers/ICPP95/icpp95.html)

Grid computing, which is similar, is the collection of computer resources from multiple locations to reach a common goal

Page 8: Protect the data - Cyber security - Breaches - Brand/Reputation

Big Data and Cloud Data (basics) (4 of 4)

Cloud Data

Service Level Agreements (SLA)

Ensure SLA explicitly covers:

Protection partnership between you & Cloud provider (you are both responsible); anti-malware, encryption, VPN access, liability, forensics for any breach, disaster recovery (provider – fire, earthquake, etc.)

Who at your firm:

Has Admin rights to the data for any kind of admin work

Can access the Cloud data (staff, partners, vendors)

Who at Cloud provider can:

Access your data for replication/back up purposes & troubleshooting ‘only’ without rights to perform any reading, data manipulation, copying or printing

Page 9: Protect the data - Cyber security - Breaches - Brand/Reputation

Access to Data

Passwords - Complex & Encrypted – Yes, painful, annoying & necessary

Better than losing $xxx,000+ of R&D data due to weak passwords (i.e. no more short 8-10 character passwords)

Must move to better authentication (who’s who)

2-factor – token & pin, smartcard & pin

Biometrics – retina, fingerprint

Provide “only” needed access (authorization) to data people need to do their job well (and protecting against insider threats)

e.g. – Are USB ports, DVD/CD writing capabilities necessary – for everyone…?

Sys Admins do not require access to all (e.g. – Snowden)

Page 10: Protect the data - Cyber security - Breaches - Brand/Reputation

Encryption

Network & VPN

AES-192 or AES-256

Wi-Fi

No WEP or WPA

At minimum use WPA2

Make use of security mechanisms in: IPv6, IPsec & DNSSEC

Application layer to Application layer

Where possible, not just endpoint to endpoint

Data At Rest

Servers, SANs/NAS, PCs, Laptops, Smartphones (containers)

Page 11: Protect the data - Cyber security - Breaches - Brand/Reputation

CPUs

Because of encryption & authentication, you need devices capable of higher processing demands

Laptops, PCs, Servers

Do not forget smartphones & tablets too…

As many CPU cores as possible

Highest GHz possible for:

Encrypting & decrypting data

Preventing latency & lag times

Users will not like it and ‘will’ become unproductive if they have to wait on decrypt/encrypt & transmission times

Page 12: Protect the data - Cyber security - Breaches - Brand/Reputation

Wi-Fi Access Points (1 of 2)

For firms, the more APs, the better

Page 13: Protect the data - Cyber security - Breaches - Brand/Reputation

Wi-Fi Access Points (2 of 2)

Strong Passwords & SSIDs

No default passwords or Descriptive SSIDs

Multiple APs & multiple SSIDs

Limit rights & access through the APs - Guests, Admins, Staff, Partners, Vendors

Coverage – roaming, fewer dropped connections

Scan for rogue APs

Periodically & Randomly – remove & enforce policies

Directional antennas on peripheries

Max power for APs – No

Are people outside the bldg using your Wi-Fi…
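
Added example, not part of the original slides: a Python check that applies the Wi-Fi rules from the Encryption and Wi-Fi Access Points slides (no WEP or WPA, no default or descriptive SSIDs, scan for rogue APs) to one wireless survey. The AP inventory, the sample scan, the SSID word lists and the -50 dBm threshold are assumptions made for illustration.

```python
# Inventory of authorized APs, BSSID -> expected SSID (constructed values).
AUTHORIZED = {
    "aa:bb:cc:00:00:01": "net-7f3a",
    "aa:bb:cc:00:00:02": "net-7f3a-guest",
    "aa:bb:cc:00:00:03": "ExampleCo-Finance",
}
WEAK_SECURITY = {"OPEN", "WEP", "WPA"}  # slides: no WEP or WPA, at minimum WPA2
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default"}  # assumed factory names
DESCRIPTIVE_HINTS = ("corp", "finance", "payroll", "exampleco")  # assumed words


def audit_scan(scan, authorized=AUTHORIZED, near_dbm=-50):
    """Return sorted (bssid, finding) pairs for one Wi-Fi survey."""
    findings = set()
    ours = set(authorized.values())
    for ap in scan:
        bssid, ssid = ap["bssid"].lower(), ap["ssid"]
        if bssid not in authorized:
            if ssid in ours:
                findings.add((bssid, "rogue: unauthorized AP advertising our SSID"))
            elif ap["signal_dbm"] >= near_dbm:
                findings.add((bssid, "unknown AP with strong signal: locate it"))
            continue
        if authorized[bssid] != ssid:
            findings.add((bssid, "SSID differs from inventory"))
        if ap["security"].upper() in WEAK_SECURITY:
            findings.add((bssid, "weak encryption: " + ap["security"]))
        low = ssid.lower()
        if low in DEFAULT_SSIDS or any(h in low for h in DESCRIPTIVE_HINTS):
            findings.add((bssid, "default or descriptive SSID"))
    return sorted(findings)


# Constructed survey results, not real captures.
SAMPLE_SCAN = [
    {"bssid": "AA:BB:CC:00:00:01", "ssid": "net-7f3a", "security": "WPA2", "signal_dbm": -40},
    {"bssid": "AA:BB:CC:00:00:02", "ssid": "net-7f3a-guest", "security": "WPA", "signal_dbm": -45},
    {"bssid": "AA:BB:CC:00:00:03", "ssid": "ExampleCo-Finance", "security": "WPA2", "signal_dbm": -48},
    {"bssid": "DE:AD:BE:EF:00:09", "ssid": "net-7f3a", "security": "OPEN", "signal_dbm": -38},
    {"bssid": "12:34:56:78:9A:BC", "ssid": "CoffeeShop", "security": "WPA2", "signal_dbm": -82},
]

if __name__ == "__main__":
    for bssid, finding in audit_scan(SAMPLE_SCAN):
        print(bssid, "-", finding)
```

Running the survey at random times, as the slide advises, only needs the scan list replaced with fresh results from whatever survey tool the firm uses.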

Page 14: Protect the data - Cyber security - Breaches - Brand/Reputation

VPN

If you care about:

Who remotely accesses your network

Productivity of remote staff

1) Obtain a strong VPN package

Excellent admin features such as

A dashboard for drilling down to granular levels and

Includes analytics for “what if” and other scenarios

2) It will be Fast AND User friendly for your staff

3) One of the best of breed VPNs

4) Scalable to grow with you

No barebones VPN

If you buy barebones, you will pay more later to gain needed features

Page 15: Protect the data - Cyber security - Breaches - Brand/Reputation

Network Speeds (1 of 2)

Today, it is necessary for your network to have the best throughput possible & for tomorrow’s growth

Very, very minimal latency – Staff is more productive

Latency – Staff and Management wait and they become bored… and/or annoyed…

Page 16: Protect the data - Cyber security - Breaches - Brand/Reputation

Network Speeds (2 of 2)

You need more:

Bandwidth into & out of your network

Throughput across your network

You will need both to handle growing

Increased speeds: Router, VPN, Switch, Wi-Fi AP & Server

10 – 100Mbps no longer cuts it for tomorrow when we will have

4K HDTV

More holographic conference calls (i.e. Cisco Telepresence)

Smartphone to Desk phone video calls

1 Tbps traffic – yes, 1 Tbps (BT & Alcatel-Lucent proved this new protocol [Flexigrid] works – over “existing” hardware & fiber optics @ 1.4Tbps)

Page 17: Protect the data - Cyber security - Breaches - Brand/Reputation

Anti-Malware (1 of 2)

Anti-Virus (AV) is no longer good enough, you need a suite of detective and mitigating anti-malware software, capable of working from the physical layer up to the application layer.

The suite must be capable of working on and at various points throughout your network.

Detect, Correlate, Prevent, Mitigate & Report malicious activity

Work in conjunction with IDS/IPS/Firewalls

Page 18: Protect the data - Cyber security - Breaches - Brand/Reputation

Anti-Malware (2 of 2)

Intelligent, best of breed

Layered – to cover multiple avenues of attack

No one vendor’s product captures all malware

If possible, obtain a second best of breed suite to run in parallel

Or, use a vendor who does this in the Cloud with multiple anti-malware engines for real-time protection

Very fast processing capabilities

If possible, software should use:

Artificial Intelligence, Heuristics, Expert Logic or Fuzzy Logic

Page 19: Protect the data - Cyber security - Breaches - Brand/Reputation

IDS/IPS & Firewalls

Even anti-malware is not enough by itself. You must detect & prevent as much malware (or hackers) as possible, as soon as possible, every place possible

Needed to catch infiltration into, and exfiltration of data out of, the network

Intrusion Detection Systems & Intrusion Prevention Systems

NIDS – for the network, on the periphery & internally

HIDS – for servers, PCs, laptops

Firewalls

High throughput

Very fast processing

With extremely low latency & extremely low drops & false positives

Page 20: Protect the data - Cyber security - Breaches - Brand/Reputation

Forensics

You will need forensics software (not barebones) to do multiple levels of forensics if you have an incident

High to Low level (think deep dive)

After an incident, you will need to do various forms of forensics

Financial & Auditing

Network

To see where infiltrated, how, when and what damage was done

Enough varied reporting capabilities for most situations allowing for detailed content

Look out for Anti-Forensics attempts…

Page 21: Protect the data - Cyber security - Breaches - Brand/Reputation

Physical Security

This goes without saying, we still need Physical Security

Must work with Cyber Security staff & vice versa

Physical security should have a good level of cyber security training

Your buildings need better than just good physical security, for:

Doors (all doors)

Windows (all windows)

Fences

Badge Access system (with a chip, no magnetic stripe)

Cameras (with great zoom & resolution & tracking & recording & storage & retrieval capabilities)

Random (and tested) physical sweeps

Page 22: Protect the data - Cyber security - Breaches - Brand/Reputation

Innovation & Creativity

We are at the point where we need more Innovation and Creativity to protect the data, engage your:

Techie staff for ideas they know or have heard of

Non-techie staff for divergent ideas, which could prove valuable

Quantum Computing is growing and that, along with Quantum Cryptography, will make current cyber security efforts obsolete

Think, Think, Think… and Adapt, rapidly

You and your firm cannot afford to go partially into Protecting The Data, skimping on cost – from this point on, this is an “all in” situation!